CVE-2021-45468 Information
Jun 07, 2022
cve
Description
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://bishopfox.com/blog/imperva-eliminates-critical-exposure
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL